Client cert callback to check if trusted certificate authorities match with client certificate chain #4900

Merged
merged 3 commits into from
Dec 14, 2024

Conversation

emasab
Contributor

@emasab emasab commented Nov 13, 2024

In Java this selection is happening in X509KeyManagerImpl.getAliases.

The field that is checked is the certificate_authorities extension in TLS 1.3, which was present in CertificateRequest in previous versions of TLS and SSL.
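
The check described in the comment above, as an added example that is not code from this pull request: it parses a TLS 1.3 certificate_authorities extension body (RFC 8446, section 4.2.4) and tests whether any issuer in the client chain is listed. The function names, the raw DER comparison, the treatment of a missing extension and the sample names are assumptions made for illustration.

```c
#include <stdint.h>
#include <string.h>

typedef struct { const uint8_t *der; size_t len; } dn_t; /* DER-encoded X.501 Name */

/* Parse a certificate_authorities extension body (RFC 8446, section 4.2.4):
 * a 2-byte list length, then entries of 2-byte length + DER Name.
 * Returns the number of names, or -1 if the encoding is malformed. */
int parse_authorities(const uint8_t *buf, size_t len, dn_t *out, size_t max) {
    size_t off = 2, n = 0;
    if (len < 5 || (((size_t)buf[0] << 8) | buf[1]) != len - 2) return -1;
    while (off < len) {
        size_t dlen;
        if (len - off < 2 || n == max) return -1;
        dlen = ((size_t)buf[off] << 8) | buf[off + 1];
        off += 2;
        if (dlen == 0 || dlen > len - off) return -1; /* empty or truncated name */
        out[n].der = buf + off;
        out[n++].len = dlen;
        off += dlen;
    }
    return (int)n;
}

/* 1: an issuer in the client chain is listed, or no extension was sent (assumed
 * to mean the server stated no preference); 0: none listed; -1: malformed.
 * Assumption: names are compared as raw DER bytes, with no canonicalization. */
int chain_acceptable(const uint8_t *ext, size_t ext_len,
                     const dn_t *issuers, size_t n_issuers) {
    dn_t cas[16];
    if (ext == NULL) return 1;
    int n_cas = parse_authorities(ext, ext_len, cas, 16);
    if (n_cas < 0) return -1;
    for (size_t j = 0; j < n_issuers; j++)
        for (int i = 0; i < n_cas; i++)
            if (issuers[j].len == cas[i].len &&
                memcmp(issuers[j].der, cas[i].der, cas[i].len) == 0) return 1;
    return 0;
}

/* Constructed sample data: DER Names holding one 6-character CN each; EXT lists
 * "Root A" and "Root B"; CHAIN holds the issuer of each chain cert, leaf first. */
#define CN6(a,b,c,d,e,f) 0x30,0x11,0x31,0x0f,0x30,0x0d,0x06,0x03,0x55,0x04,0x03,0x0c,0x06,a,b,c,d,e,f
static const uint8_t SUB_CA[] = { CN6('S','u','b',' ','C','A') };
static const uint8_t ROOT_B[] = { CN6('R','o','o','t',' ','B') };
static const uint8_t EXT[] = { 0x00, 0x2a, 0x00, 0x13, CN6('R','o','o','t',' ','A'),
                               0x00, 0x13, CN6('R','o','o','t',' ','B') };
static const dn_t CHAIN[] = { { SUB_CA, sizeof SUB_CA }, { ROOT_B, sizeof ROOT_B } };

int main(void) { return chain_acceptable(EXT, sizeof EXT, CHAIN, 2) == 1 ? 0 : 1; }
```

With only the leaf's issuer ("Sub CA") considered the check returns 0; it returns 1 once the intermediate's issuer ("Root B") is part of the chain being checked.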

@emasab emasab requested a review from a team as a code owner November 13, 2024 15:48
@confluent-cla-assistant

🎉 All Contributor License Agreements have been signed. Ready to merge.
Please push an empty commit if you would like to re-run the checks to verify CLA status for all contributors.

@airlock-confluentinc airlock-confluentinc bot force-pushed the dev_ssl_check_certificate_authorites_extension branch 3 times, most recently from 9bfa41c to a81b168 Compare November 13, 2024 15:56
trnguyencflt
trnguyencflt previously approved these changes Nov 19, 2024
Member

@trnguyencflt trnguyencflt left a comment

LGTM, thanks for the change

@airlock-confluentinc airlock-confluentinc bot force-pushed the dev_ssl_check_certificate_authorites_extension branch from a81b168 to 7d147c1 Compare December 4, 2024 19:54
@emasab emasab changed the base branch from master to dev_ssl_send_full_certificate_chain December 4, 2024 19:55
@airlock-confluentinc airlock-confluentinc bot force-pushed the dev_ssl_check_certificate_authorites_extension branch from 7d147c1 to 7f71403 Compare December 4, 2024 20:01
@airlock-confluentinc airlock-confluentinc bot force-pushed the dev_ssl_send_full_certificate_chain branch from ec21967 to 7ec52aa Compare December 4, 2024 20:03
@airlock-confluentinc airlock-confluentinc bot force-pushed the dev_ssl_check_certificate_authorites_extension branch from 7f71403 to 4eaab30 Compare December 5, 2024 12:34
@airlock-confluentinc airlock-confluentinc bot force-pushed the dev_ssl_send_full_certificate_chain branch from 6cf59f0 to d64f4f8 Compare December 5, 2024 17:28
@airlock-confluentinc airlock-confluentinc bot force-pushed the dev_ssl_check_certificate_authorites_extension branch from 4eaab30 to 1266043 Compare December 5, 2024 17:29
@airlock-confluentinc airlock-confluentinc bot force-pushed the dev_ssl_send_full_certificate_chain branch from d64f4f8 to f24ba97 Compare December 13, 2024 16:15
@airlock-confluentinc airlock-confluentinc bot force-pushed the dev_ssl_check_certificate_authorites_extension branch from 1266043 to b962b62 Compare December 13, 2024 16:26
@airlock-confluentinc airlock-confluentinc bot force-pushed the dev_ssl_send_full_certificate_chain branch 5 times, most recently from 2f92f9f to 2af89bf Compare December 13, 2024 23:46
@airlock-confluentinc airlock-confluentinc bot force-pushed the dev_ssl_check_certificate_authorites_extension branch from b962b62 to fccb1a2 Compare December 13, 2024 23:49
Base automatically changed from dev_ssl_send_full_certificate_chain to master December 14, 2024 11:31
@emasab emasab dismissed trnguyencflt’s stale review December 14, 2024 11:31

The base branch was changed.

when no certificate is sent instead of the one
received when it's sent but not trusted.
@airlock-confluentinc airlock-confluentinc bot force-pushed the dev_ssl_check_certificate_authorites_extension branch from fccb1a2 to 6036fc5 Compare December 14, 2024 11:38
@airlock-confluentinc airlock-confluentinc bot force-pushed the dev_ssl_check_certificate_authorites_extension branch from 6036fc5 to 05f3979 Compare December 14, 2024 11:43
Contributor

@milindl milindl left a comment

Approved after local testing.

@emasab emasab merged commit ac2a5e4 into master Dec 14, 2024
2 checks passed
@emasab emasab deleted the dev_ssl_check_certificate_authorites_extension branch December 14, 2024 15:24